- Two separate health data breaches were recently reported at facilities in Illinois and North Carolina. While the two have different causes, healthcare organizations should still take note to ensure that they do not experience identical situations, and have current and comprehensive data security plans in place.
Illinois theft compromises info. of 1,000 individuals
Barrington Orthopedic Specialists recently reported that 1,009 individuals potentially had their PHI compromised following the theft of a laptop and EMG machine.
The Illinois facility explained in a statement posted on its website that the health data breach was discovered on August 18, 2015, but the incident is believed to have taken place sometime between August 14 and August 18.
Information possibly exposed includes patient names, dates of birth and EMG results and reports. The statement did not specify how many individuals were affected, but the Office for Civil Rights breach reporting tool states that 1,009 individuals had their information involved in the incident.
“Barrington Orthopedic Specialists, Ltd. has reported the theft to the police and they are investigating,” the statement read. “We have also acquired additional equipment so that transportation of units is no longer necessary. Data sets will no longer be maintained on the laptops associated with the EMG machines. They will be maintained only on our internal server system.”
Barrington added that it does not believe that affected patients are at risk of financial identity issues as that information was not contained in the stolen items.
BCBS facility reports data privacy breach
Blue Cross and Blue Shield of North Carolina (BCBSNC) became aware of two separate August 2015 incidents that potentially exposed sensitive patient information. Approximately 2,300 individuals were affected by the two incidents, according to the OCR breach reporting tool.
The first incident was discovered on August 14. BCBSNC explained in a statement that a printing error caused some members' billing invoice information to be printed on the backs of other members' invoices. The exposed information included names, addresses, internal BCBSNC account numbers, group numbers, coverage dates and premium amounts due. However, the internal BCBSNC account numbers printed were not the BCBSNC member identification numbers.
Since that incident, BCBSNC said that its printing vendor “has reviewed standard operating procedures and implemented a new quality control process.”
The second data breach was discovered on August 24, according to BCBSNC, and happened when some BCBSNC members received payment letters that included incorrect information. A spreadsheet error reportedly led to the wrong information being printed, a new quality review process has been put into place, according to BCBSNC.
Information that was sent to the wrong members included health plans purchased, effective dates, health insurance marketplace identification numbers, payment amounts, telephone numbers and payment identification numbers.
“BCBSNC regrets these situations and any inconvenience they have caused,” the statement read. “Letters to affected individuals regarding the incidents were mailed on September 10, 2015.”